Openssl heartbleed
跳到导航
跳到搜索
- Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.
- upgrade to OpenSSL 1.0.1g[1]
- or recompile affected versions with the option -DOPENSSL_NO_HEARTBEATS.
- 在没有升级包的系统上,可以选择自己重新编译openssl
$ yum groupinstall rpmdevtools
$ yumdownloader --source openssl
$ rpm -ivh ./openssl*.src.rpm
$ nano ~/rpmbuild/SPECS/openssl.spec
--- replace a line like: Release: 1%{?dist}
--- with something like: Release: 1%(?dist}.heartbleed
--- replace a line like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
--- with something like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DOPENSSL_NO_HEARTBEATS"
$ rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec
$ i386 rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec # execute it only if on x86_64
$ rpm -Fvh ~/rpmbuild/RPMS/*/openssl*.rpm